Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery

Kirill Miazine km at krot.org
Mon Apr 25 14:07:25 UTC 2022


My main goal was to warn Dovecot people about potential issues when
upgrading.

Using LMTP is, of course, an option, and should be considered, but there
are still cases when using LDA is appropriate.

In my case I couldn't easily just switch to LMTP, as that would affect
the way spam scanning and training is done. In fact, I do have LMTP set
up too, but I have it commented out as with LMTP in my setup I'm not
getting spam training. My spam scanning and training is implemented
using Exim facility called transport_filter and allows for very
lightweight spam checking using bogofilter.

Some users might be calling Dovecot LDA from their .forward files.

• Aki Tuomi [2022-04-25 16:56]:
> You could also just switch to LMTP instead of LDA.
> 
> Aki
> 
> > On 25/04/2022 16:47 Kirill Miazine <km at krot.org> wrote:
> > 
> > 
> > So my workaround was to create a simple wrapper and call it, instead of
> > dovecot-lda:
> > 
> > $ cat /local/bin/dovecot-lda-wrapper
> > #!/bin/sh
> > exec /usr/local/libexec/dovecot/dovecot-lda \
> >   -d "${LOCAL_PART}@${DOMAIN}" \
> >   -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
> >   -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
> >   -f "${SENDER}"
> > 
> > Here's how it is called from Exim:
> > 
> > dovecot_pipe:
> >     driver = pipe
> >     command = /local/bin/dovecot-lda-wrapper
> > #    command = /usr/local/libexec/dovecot/dovecot-lda \
> > #                -d $local_part@$domain \
> > #                -a $local_part$local_part_suffix@$domain \
> > #                -r $local_part$local_part_suffix@$domain \
> > #                -f $return_path
> > 
> > • Kirill Miazine [2022-04-25 14:36]:
> > > Hi, all
> > > 
> > > The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
> > > described on https://wiki.dovecot.org/LDA/Exim
> > > 
> > > Here is the relevant ChangeLog entry:
> > > 
> > > JH/25 Taint-check exec arguments for transport-initiated external processes.
> > >       Previously, tainted values could be used.  This affects "pipe", "lmtp" and
> > >       "queryprogram" transport, transport-filter, and ETRN commands.
> > >       The ${run} expansion is also affected: in "preexpand" mode no part of
> > >       the command line may be tainted, in default mode the executable name
> > >       may not be tainted.
> > > 
> > > As of now I don't have a personal working solution to get untainted data.
> > > I did try a small hack, but Exim was smart enough to see what I was
> > > doing.
> > > 
> > > -- 
> > >     -- Kirill Miazine <km at krot.org>
> > 
> > -- 
> >     -- Kirill Miazine <km at krot.org>

-- 
    -- Kirill Miazine <km at krot.org>
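The wrapper above sidesteps the new taint check by moving the envelope values from Exim's command line into environment variables, which means dovecot-lda again receives attacker-influenced data that nothing has checked. The following hardened variant is an added example (not the poster's script and not part of the Dovecot or Exim projects): it validates LOCAL_PART, LOCAL_PART_SUFFIX, DOMAIN and SENDER against conservative allowlists before the exec, and the dovecot-lda path and the allowed character sets are assumptions that may need widening for a given site.

```shell
#!/bin/sh
# Hardened dovecot-lda wrapper (added example, not the poster's script).
# Exim's pipe transport exports LOCAL_PART, LOCAL_PART_SUFFIX, DOMAIN and
# SENDER; since Exim 4.96 refuses tainted values on the command line, the
# wrapper validates them itself before passing them to dovecot-lda.
LDA=/usr/local/libexec/dovecot/dovecot-lda   # path is an assumption

# Conservative allowlists: reject shell metacharacters, whitespace, '/',
# leading dots and empty values rather than trusting envelope data.
valid_local_part() {
    case "$1" in
        ''|.*|*..*|*[!A-Za-z0-9._=+-]*) return 1 ;;
    esac
}
valid_domain() {
    case "$1" in
        ''|.*|*..*|*.|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}
# Suffix is optional; when present it must start with '+' or '-'.
valid_suffix() {
    case "$1" in
        '') return 0 ;;
        [+-]*) valid_local_part "${1#?}" ;;
        *) return 1 ;;
    esac
}
# Envelope sender may be empty (bounces); otherwise user@domain.
valid_sender() {
    [ -z "$1" ] && return 0
    case "$1" in *@*) ;; *) return 1 ;; esac
    valid_local_part "${1%@*}" && valid_domain "${1##*@}"
}
# Check the whole Exim environment; status 0 means safe to deliver.
check_env() {
    valid_local_part "${LOCAL_PART:-}" &&
    valid_suffix "${LOCAL_PART_SUFFIX:-}" &&
    valid_domain "${DOMAIN:-}" &&
    valid_sender "${SENDER:-}"
}
# Only deliver when Exim invoked us (LOCAL_PART set).  Exit 67
# (EX_NOUSER) on rejection so the message bounces instead of retrying.
if [ -n "${LOCAL_PART:-}" ]; then
    check_env || { echo "dovecot-lda-wrapper: rejected envelope" >&2; exit 67; }
    exec "$LDA" -d "${LOCAL_PART}@${DOMAIN}" \
        -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
        -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
        -f "${SENDER}"
fi
```

Point the `command` of the `dovecot_pipe` transport at this script exactly as the original wrapper is called; a rejected envelope is logged to stderr, which Exim records for the pipe transport.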

